A Computer Is Always Vulnerable, Even When Turned Off

The SANS Internet Storm Center’s tip of the day says that a computer cannot be compromised while turned off.

There are services that can still run when the computer is turned off. For example, Intel’s new Active Management Technology (AMT), which will be built into future processors, allows remote management even when the computer is turned off. AMT also allows administrators to remotely turn on the computer.

This provides potential attack vectors that can be used even against computers that are turned off. For example, an attacker who gains access to a single administrator machine on a network could potentially access every computer on the network through its built-in AMT-enabled chipset.

While there are currently no known vulnerabilities in AMT, a worm exploiting an AMT vulnerability could potentially infect computers regardless of whether they are turned on.

In addition to turning off a computer, it is recommended that you disconnect it from the network completely. If you use a laptop, the wireless card and services such as Bluetooth should be completely disabled as well. At this year’s Black Hat, Jon Ellch and David Maynor demonstrated that it is possible to remotely exploit a laptop with a vulnerable wireless card even if it is not currently connected to a network.

With a computer completely disconnected from the network, the last remaining security concern is physical security. Physical desk locks, strong passwords and data encryption should be used (confidentiality and integrity), as well as secure, remote data backups (availability).

One Response to “A Computer Is Always Vulnerable, Even When Turned Off”

Roy Says: August 29th, 2006 at 5:38 am

Actually, the ISC is right. What you’ve noted is actually that it’s just getting harder to actually turn a computer off. Much like modern TVs, DVD players and even VCRs, the choice is between ‘ON’ and ‘Standby’, where the standby mode leaves a lot of code running.

Your suggestions are still good, though. (but the Ellch/Maynor exploit has been pretty well debunked by now)